In the Add from the gallery section, type AirWatch in the search box. Select AirWatch from results panel and then add the app. Wait a few seconds while the app is added to your tenant. Configure and test Azure AD single sign-on. Configure and test Azure AD SSO with AirWatch using a test user called B.Simon. For SSO to work, you need to. Approach to Mac management with quick deployment options, easy app delivery and end-to-end security. As an Apple mobility partner, AirWatch is committed to supporting macOS and Apple programs for businesses and schools. KEY BENEFITS. Enable Mac management for the enterprise with unified endpoint management in a single solution. Eliminate. Mar 06, 2017 VMware Workspace ONE UEM 9.2: User-Approved MDM Enrollment in macOS 10.13.2 - Feature Walk-through - Duration: 1:41. VMware End-User Computing 2,485 views. AirWatch Laptop Management. Download Now White Paper EMM is the Future of Mac Management. Download Now White Paper A Definitive Guide to Windows 10 Management. Deliver any app to enable users on any endpoint. Deploy apps from any source, including.
Author:Shardul Navare
Shardul is Senior Solutions Architect for VMware End-User Computing (EUC).
Do you ever wish the productivity apps your end-users love had more security features? VMware AirWatch REST APIs can help make this idea a reality by integrating AirWatch REST APIs with existing IT infrastructures and third-party applications. AirWatch API integration extends enterprise mobility management functionality to external programs, and is an efficient, cost-effective alternative to building in-house applications. No wonder REST APIs are a pillar of the AirWatch Developer's Toolkit!
This post is most appropriate for the following audiences:
- Anyone new to VMware AirWatch Enterprise Mobility Management
- Anyone new to VMware AirWatch REST API capabilities
If you fall into one of these categories, keep reading to learn about:
- Security features of AirWatch REST APIs
- AirWatch REST APIs available for integration
- Authentication Methods for AirWatch REST APIs
- Getting Started configurations in the AirWatch Console
AirWatch REST API Security Features
- Encrypted Communication – REST API calls take place over HTTPS with a certificate signed by a publicly trusted CA.
- Two-Factor Authentication – Along with the standard headers, API server authentication requires the following headers:
- Authorization – Authorization header with base 64 encoding of API admin credentials.
- aw-tenant-code – Header value same as API key randomly generated in the AirWatch Console.
- Multiple Authentication Options – AirWatch API Admin can authenticate with the API server using Basic/ NTLM, Directory, or Certificate authentication.
- Configurable API Admin Permissions – Default and custom admin roles can restrict the API admin to a limited set of API actions.
- Advanced On-Premise Settings – On-premises deployments can restrict server throttling and set daily quotas to prevent API overflows and potential service crashes.
Available AirWatch REST APIs
Integrate VMware AirWatch's REST APIs with third party applications, programs, and processes, and take enterprise mobility management beyond the VMware AirWatch solution.
Authentication Methods for AirWatch REST APIs
VMware AirWatch supports multiple ways for Console Admin Users to authenticate into the API server:
Basic Authentication
Authentication into the API server uses a generic username and password. Implementation is simple. However, this authentication model does not integrate with existing corporate user accounts.
Basic Authentication Authorization Header
The authorization header should hold the value in the following example format:Certificate Authentication
Uses a self-signed certificate generated by the AirWatch Console for API Server authentication. AirWatch certificate-based API authentication accepts incoming requests with CMS signatures and CMSURL authentication schemes.
CMS Signatures Authorization Header
Expects the signature against the message content, and takes the following format.Authorization:CMS'< Version >< CREDENTIALS >
< Version > information.
< CREDENTIALS > is the Base64 Encoded data of 'message content' signed with client certificate using PKCS9 signing.
CMSURL Scheme Authorization Header
Expects the signature against the application path in the URL, and takes the following format.Authorization:CMSURL'< Version >< CREDENTIALS >
< Version > information.
Airwatch Mac Download
< CREDENTIALS > is the Base64 Encoded data of 'canonical URI resource encoded using UTF-8 format' signed with client certificate using PKCS9 signing.
Directory-Based Authentication
Authentication into the API server uses existing corporate credentials. This method integrates existing corporate accounts from Directory Services with AirWatch user and admin accounts.
Enable AirWatch REST APIs
To enable API access in the AirWatch Console:
- Log into the AirWatch Console.
- Navigate to Groups & Settings> All Settings > System > Advanced > API > REST API.
- Configure the General, Authentication, and the Advanced tab.
a. Configure General tab settings.
- Enable API Access – Select Enabled to generate the API authentication key.
- Add – Select to generate multiple the API key for one or multiple servers. Then, configure the related settings.
- Service – Enter one or multiple service(s) and generate their independent API keys.
- Account Type – Select the type of the account. To access the Mobile Content Management Personal Content APIs, select Enrollment User.
- Description – Provide a short description for the service and generated API key.
- Whitelisted Domains – Specify the domains where the API key is valid.
b. Configure the Authentication Tab
c. Configure the Advanced tab.
At the Global Organization Group level, specify default service throttling and daily quota values.- Server Throttling – Set the server bandwidth throttling. When server reaches the specified throttling limit, it offloads new requests and not respond to them.
- Daily Quota – Set the number of API calls to be sent per day.
Configure API Access
After enabling APIs, configure API access. First, create a dedicated administrator account for API authentication. Then, select an authentication method. Finally, provision roles with specific API privileges to the administrator.
Airwatch Mac Download Windows 10
- Navigate to Accounts > Administrators > List View.
- Click Add> Add Admin.
- Configure the following tabs:
a. On the Basic tab, complete the required fields to create a dedicated admin for API access.
b. Click the Roles tab, and specify the admin role's API authentication permissions.
c. On the API tab, select the Authentication method from the drop-down menu.
If configuring certificate authentication, select Certificates from the Authentication drop-down menu, and enter the same password provided on the Basic tab for Certificate Password. - Select Save to create the API Admin Account with defined access permissions.
Summary
Use VMware AirWatch REST APIs as an efficient way to leverage core enterprise mobility management functionality in enterprise servers, programs, and processes. These APIs facilitate custom application development and integration with AirWatch.
Learn More
- API Help Page – Learn about REST APIs setup and view comprehensive documentation Navigate to https://{apiURL}/api/help and authenticate using API admin credentials.
- Hands-On Lab – Select Module 5, Introduction to AirWatch REST APIs. Complete the exercises in roughly 30 minutes.
- VMware AirWatch REST API Guide – Access technical reference material in the manual.
Vmware Airwatch Agent
With contributions from:
Vmware Airwatch Mobile Device Management
Hannah Jernigan, Technical Writer, End User Computing Technical Marketing, VMware